"In the previous message, Neil Woods said..." > > We're getting some interesting stuff on bugtraq these days......8-o. binmail > src would have been very handy all those months ago. > > I hope Tim has a src licence for SunOS - if he does, is he breaking the > agreement by allowing parts of it to be released from his account? Not if it was via someone breaking in on the system that was properly set up via a hole in the system code. He certainly is not responsible for a vendor's errors, is he? It looks very much Tim Newsham has had his account compromised (probably the whole site is a mess), and used as a funnel to post all these cracking scripts. His explanation was plausable, and nobody with one working neuron would post that stuff from his own account. Remember, if a .forward file was placed in his home subdir (and it would go unnoticed), one could simply mail this stuff to him, and it would be passed right on. > And when are Sun going to provide a statement about the current distribution > of their code? Unless they have a way to trace back and catch this clown (not the victim whose account was compromised - wonder who else's account has been compromised on the same site?) huffing and puffing serves no purpose. Better to stay non-commital for the moment, and get evidence, and CATCH these people that are breaking into systems and introduce them to the criminal justice system rather than drive them further underground. If source access were not limited to a privileged few (and the crackers, of course), these problems could be addressed MUCH better - think of the wealth of talent to deal with this out there, being ignored because of denial of resources!!! I think a better thing than flaming about source code, etc would be to ask: Are there fixes or workarounds out for all these, and if not perhaps it might be a good idea for those who DO have source to create some? I wonder about things like that thing to modify the ucred struct being fixed at all. 
I know I sure hope this won't be another "wait a few months" or "wait till next release" sort of thing. Surely someone out there WITH source and an understanding of the system can come up with something.

Question I have is - how does doing all those saves and restores in SPARC assembler result in the user being able to modify the ucred struct in a running program without privs to modify memory directly?

I suppose a workaround would be to (cringe) disable ps temporarily, or for those who can, modify it to not show that address info and deny the info needed to find the ucred struct in a running program, at least until a real fix is devised. Perhaps another idea would be to devise some test to result in the process being killed when a user overflows the register windows (hell, I'm really groping here, so bear with me).

One thing is obvious: The crackers have access to source and time to really study it, most admins DON'T. They also know their way around in SPARC assembler (I am still looking for a good book on the subject). These odds need to be evened up a bit. And if vendors knew about this kind of vulnerability and did or said nothing, that borders on criminal.

'Bout time source licenses (for reconfig rights only, not derived works, a hefty fee and royalties are appropriate for that) became more affordable so honest folk would have access and a better chance of dealing with these people. That would at least allow enough differences to be introduced that crackers would not be assured of identical conditions from site to site. A unix-type OS is just too complex to lock the users out totally - not until vendors can GUARANTEE that they have not left some inadvertent holes.

And you can bet the crackers' best or most invasive scripts were NOT posted. Nobody shows their ace-in-the-hole. There are sure some bugs to be trackin' there, it seems to me... And yes, I wish I had some fixes to offer.
I am sure we will get CERT advisories about un-resolved holes 'round about January or February 1995...

PS: So much for crackers not knowing about holes the elite few are aware of...

--
pat@rwing [If all fails, try: rwing!pat@eskimo.com]
Pat Myrto - Seattle WA

"No one has the right to destroy another person's belief by demanding empirical evidence." -- Ann Landers, nationally syndicated advice columnist and Director at Handgun Control Inc.